The following will explain capturing on 802.11 wireless networks (WLAN).

If you are only trying to capture network traffic between the machine running Wireshark or TShark and other machines on the network, are only interested in regular network data, rather than 802.11 management or control packets, and are not interested in radio-layer information about packets such as signal strength and data rates, you should be able to do this by capturing on the network interface through which the packets will be transmitted and received; no special setup should be necessary. (If you're trying to capture network traffic between processes running on the machine running Wireshark or TShark, i.e. network traffic from that machine to itself, you will need to capture on a loopback interface, if that's possible; see CaptureSetup/Loopback.)

If you're trying to capture network traffic that's not being sent to or from the machine running Wireshark or TShark, i.e. traffic between two or more other machines on an Ethernet segment, or are interested in 802.11 management or control packets, or are interested in radio-layer information about packets, you will probably have to capture in "monitor mode".

Without any interaction, capturing on WLANs may capture only user data packets with "fake" Ethernet headers. In this case, you won't see any 802.11 management or control packets at all, and the 802.11 packet headers are "translated" by the network driver to "fake" Ethernet packet headers.

An 802.11 LAN uses a "broadcast medium", much like (the mostly obsolete shared) Ethernet. Compared to Ethernet, the 802.11 network is even "broader", as the transmitted packets are not limited by the cable medium. That's one of the reasons why the 802.11 network adapters have two additional mechanisms to ignore unwanted packets at the receiving side: channels and SSIDs.

Conclusion: the packets you'll be capturing with default settings might be modified, and might include only a limited number of the packets transmitted through the WLAN.

The following will provide some 802.11 network details, and will describe how to disable the translation/filtering and see what's "really" going on inside your WLAN. Unfortunately, changing the 802.11 capture modes is very platform/network adapter/driver/libpcap dependent, and might not be possible at all (Windows is very limited here).

802.11 traffic includes data packets, which are the packets used for normal network protocols; it also includes management packets and low-level control packets.

The 802.11 hardware on the network adapter filters all packets received, and delivers to the host all unicast packets that are being sent to one of the addresses for that adapter, i.e.
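To tell which of the two situations described above a saved capture is in ("fake" Ethernet headers, or real 802.11 headers with management and control packets), you can read the link-layer type from the capture file header and classify each frame. The following Python sketch is an added example, not code from Wireshark or from the original page; it handles classic pcap files only (not pcapng), and the helper names and sample packets are constructed for illustration.

```python
import struct
import sys

# LINKTYPE_ values from the pcap file format that matter for WLAN captures
LINKTYPES = {1: "Ethernet (translated)", 105: "802.11", 127: "radiotap + 802.11"}
FRAME_TYPES = {0: "management", 1: "control", 2: "data", 3: "extension"}

def build_pcap(linktype, packets):
    """Build a little-endian classic pcap byte string (for the sample input)."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, linktype)
    for pkt in packets:
        out += struct.pack("<IIII", 0, 0, len(pkt), len(pkt)) + pkt
    return out

def inspect_pcap(blob):
    """Return (linktype, 802.11 frame type per packet, or None if translated)."""
    endian = {b"\xd4\xc3\xb2\xa1": "<", b"\xa1\xb2\xc3\xd4": ">"}.get(blob[:4])
    if endian is None or len(blob) < 24:
        raise ValueError("not a classic (microsecond) pcap file")
    linktype = struct.unpack_from(endian + "I", blob, 20)[0] & 0xFFFF
    if linktype not in (105, 127):
        return linktype, None  # no 802.11 header left to classify
    types, off = [], 24
    while off + 16 <= len(blob):
        incl_len = struct.unpack_from(endian + "I", blob, off + 8)[0]
        pkt = blob[off + 16 : off + 16 + incl_len]
        off += 16 + incl_len
        hdr = 0
        if linktype == 127:
            # radiotap stores its own length as a little-endian u16 at offset 2
            hdr = struct.unpack_from("<H", pkt, 2)[0] if len(pkt) >= 4 else len(pkt)
        ok = len(pkt) >= hdr + 2
        # frame type is bits 2-3 of the first Frame Control byte
        types.append(FRAME_TYPES[(pkt[hdr] >> 2) & 3] if ok else "truncated")
    return linktype, types

# Constructed sample input: empty 8-byte radiotap header + minimal frames
RADIOTAP = bytes.fromhex("0000080000000000")
BEACON = bytes.fromhex("8000") + bytes(22)  # type 0 (management), subtype 8
ACK = bytes.fromhex("d400") + bytes(8)      # type 1 (control), subtype 13
DATA = bytes.fromhex("0800") + bytes(22)    # type 2 (data)
MONITOR = build_pcap(127, [RADIOTAP + f for f in (BEACON, ACK, DATA)])
TRANSLATED = build_pcap(1, [bytes(14) + b"payload"])

if __name__ == "__main__":  # optional argument: path to a classic pcap file
    blob = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else MONITOR
    linktype, types = inspect_pcap(blob)
    print(LINKTYPES.get(linktype, linktype), types)
```

A link-layer type of 1 on a wireless interface means the driver delivered translated packets, so management and control frames cannot appear in that file regardless of display filters.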